Every CVE whose affected-product data names Openstack Barbican, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2022-23451 — CVSS 8.1 (high): An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user…
CVE-2023-1633 — CVSS 6.6 (medium): A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file…
CVE-2023-1636 — CVSS 6.0 (medium): A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one…
CVE-2022-3100 — CVSS 5.9 (medium): A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API.
CVE-2022-23452 — CVSS 4.9 (medium): An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container…